CVE-2026-45829

Name of the Vulnerable Software and Affected Versions ChromaDB versions 1.0.0 through 1.5.8

Description A pre-authentication code injection issue exists in the ChromaDB Python project. An unauthenticated attacker can execute arbitrary code on the server by sending a malicious model repository (such as a crafted Hugging Face model) and setting the trust remote code variable to true. This occurs because the server processes the model configuration and executes the code before performing authentication checks. The issue specifically affects the Python server based on FastAPI, while the Rust-based execution method is not impacted. Successful exploitation allows full control over the server process, enabling the theft of sensitive information including API keys, environment variables, and disk files, as well as privilege escalation and lateral movement within AI infrastructure. The vulnerability is actively being exploited in the wild, with over 4,500 instances identified via FOFA and approximately 73% of internet-facing deployments estimated to be affected. The flaw is triggered via the '/api/v2/tenants/{tenant}/databases/{db}/collections' endpoint.

Recommendations Restrict network access to the ChromaDB port to trusted clients only. As a temporary workaround, switch to the Rust-based execution method (chroma run or Docker images) to avoid the vulnerable Python FastAPI server. At the moment, there is no information about a newer version that contains a fix for this vulnerability.